Public and healthcare sectors are the main targets, multiple dangerous vulnerabilities, Linux and cryptocurrency exchanges are at risk
Positive Technologies analyzed the 2021 cybersecurity threatscape and noted the dominance of ransomware among malware, an increase in the intensity of attacks on cryptocurrency exchanges, and the emergence of critical vulnerabilities that were immediately exploited to attack numerous organizations around the world. The report warns that these trends will persist in 2022.
The number of cyberattacks in 2021 increased by 6.5 percent compared to 2020. The share of targeted attacks increased by 4 percentage points in comparison with 2020 and amounted to 74 percent of all attacks. As in 2020, 86 percent of all attacks were aimed at organizations. The three most frequently attacked sectors were government (16%), healthcare (11%), and industry (10%). The following attack methods were most popular: malware (63%), social engineering (50%), and hacking—exploitation of security flaws and vulnerabilities in software (32%).
Among the malware used in attacks on companies, ransomware was prevalent: according to Positive Technologies, it was involved in 60 percent of cases, and the increase compared to 2020 amounted to 15 percentage points. In 2021, cybercriminals started threatening to publish stolen data if the victim asked the police for help or hired a negotiator. This tactic had already been used by Grief and Ragnar Locker.
According to Positive Technologies, the number of attacks on crypto exchanges increased by 44 percent compared to 2020. In 2021, one of the largest cryptocurrency thefts in history occurred, when attackers stole about $600 million from the PolyNetwork cryptocurrency exchange. The cybercriminals exploited vulnerabilities in the interaction protocols. Another method that is gaining popularity is the exploitation of web vulnerabilities on websites of cryptocurrency platforms.
The popularity of Linux is increasing every year, especially in the wake of import substitution in Russia, and attackers could not fail to notice this. Starting from Q2 2021, Positive Technologies noted that more and more malware developers were adapting their tools for attacks on Linux systems. If this OS is used in your infrastructure, regularly scan it for malicious activity, check files in a sandbox before they are launched in the system, and install security updates in a timely manner.
In 88 percent of attacks on individuals, cybercriminals used social engineering. Popular phishing topics in 2021 included the COVID-19 pandemic, movie and TV series premieres, investments, and corporate mailings. In 2021, the topic of investments was of particular interest to attackers—Positive Technologies associates such interest with the influx of nonprofessional investors (over the past year, more than 6 million people started trading on the Moscow Stock Exchange).
Throughout the year, Positive Technologies identified new high-profile vulnerabilities that attackers immediately exploited, to which hundreds and thousands of organizations worldwide fell victim. Among such vulnerabilities were ProxyLogon in MS Exchange, PrintNightmare in the Windows print manager, and CVE-2021-40444 in the MSHTML module of Internet Explorer. In December 2021, the term cyberpandemic was coined to describe the abundance of attacks using the vulnerability CVE-2021-44228 in the Log4j library. In 2021, the share of hacking and web vulnerability exploitation totaled 43 percent of all methods used in attacks on organizations, which was up 8 percentage points in comparison with the previous year.
Yana Yurakova, Information Security Analyst, Positive Technologies, comments: "Considering the complicated geopolitical situation, we predict an increase in the number of attacks, so we recommend that companies switch from standard information security processes to the principles of result-oriented security. We strongly recommend that companies focus primarily on protecting key and target assets and points of penetration into the internal network. They should also pay attention to organizing a vulnerability management process in the company. The main problem faced by information security specialists is the prioritization of vulnerabilities for elimination. At the end of 2021, we published our recommendations for solving this problem."